In Splunk App for Microsoft Exchange, do I need to configure DNS and AD in order to get Exchange message data?

nick405060
Motivator

We recently upgraded to EX16 so we're looking to be able to search EX16 message data ASAP. The documentation for Exchange involves getting Windows, AD, and DNS data, but I don't understand if each of those configurations is actually needed or not.

Basically, I have successfully completed each of the steps except for DNS and AD (I attempted to skip those) and am not getting message data (other Exchange data is going into the msexchange index, but no message data) and am wondering if that's because I skipped those steps, or if there's another reason.

http://docs.splunk.com/Documentation/MSExchange/3.5.0/DeployMSX/ConfigureExchangeservers

0 Karma
1 Solution

nick405060
Motivator

I opened a support ticket on this: you do NOT need to configure DNS and AD in order to configure Exchange. It's pretty misleading though, because the official guide on setting up Exchange for Splunk is pretty thorough, and definitely makes you think you have to set up DNS and AD in order to set up Exchange.

Been receiving Exchange data for the last few weeks successfully.

0 Karma

marycordova
SplunkTrust

If you are looking to get message trace data, the below Add-on has worked flawlessly for me; it hasn't broken once since I installed it. It allows you to collect message trace data without all the other stuff, so if you don't want AD/DNS you might look at this one.

https://splunkbase.splunk.com/app/3720/

From the docs you linked, it looks to me like the App you are using is for "platform health and performance", which I wouldn't necessarily think includes message traces, but it seems to explicitly state that it does "Track messages throughout your messaging environment" despite there being no configuration details for this.

Perhaps you could open a support ticket to get the docs updated either with instructions or to remove that point if it doesn't in fact support that functionality.

@marycordova
0 Karma

marycordova
SplunkTrust

oh...and then there's this..."You must have a license for the app"...

@marycordova
0 Karma